Re: [Dime] Secdir last call review of draft-ietf-dime-group-signaling-13

Marco Liebsch <Marco.Liebsch@neclab.eu> Wed, 03 February 2021 16:31 UTC

From: Marco Liebsch <Marco.Liebsch@neclab.eu>
To: Catherine Meadows <catherine.meadows@nrl.navy.mil>, "secdir@ietf.org" <secdir@ietf.org>
CC: "dime@ietf.org" <dime@ietf.org>, "draft-ietf-dime-group-signaling.all@ietf.org" <draft-ietf-dime-group-signaling.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Wed, 3 Feb 2021 16:31:09 +0000
Message-ID: <656fca8e311b4e528137258995b5c22e@neclab.eu>
References: <161168017872.21141.3982625411769831365@ietfa.amsl.com>
In-Reply-To: <161168017872.21141.3982625411769831365@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dime/6bxMNFl-b2M8admFhwO2LJ81d4Q>
Subject: Re: [Dime] Secdir last call review of draft-ietf-dime-group-signaling-13

Thanks, Catherine, for the review.

marco

-----Original Message-----
From: Catherine Meadows via Datatracker <noreply@ietf.org>
Sent: Tuesday, 26 January 2021 17:56
To: secdir@ietf.org
Cc: dime@ietf.org; draft-ietf-dime-group-signaling.all@ietf.org; last-call@ietf.org
Subject: Secdir last call review of draft-ietf-dime-group-signaling-13

Reviewer: Catherine Meadows
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing 
effort to review all IETF documents being processed by the IESG.  These 
comments were written primarily for the benefit of the security area 
directors. Document editors and WG chairs should treat these comments just 
like any other last call comments.

This draft presents the commands a Diameter node could use to communicate with 
multiple Diameter sessions simultaneously.  The Security Considerations 
section mentions two issues.  One is that the use of bulk commands 
increases the ease of implementing certain types of DoS attacks because a 
single command, e.g. to terminate a session, could affect multiple sessions 
instead of just one.  The other is that current security mechanisms employed 
by Diameter do not enforce end-to-end security, and so make it difficult to 
trust information received from non-adjacent nodes.  Work is ongoing on 
end-to-end security for Diameter, so it is premature to address end-to-end 
security in this document, which instead relies on available security 
mechanisms.

I think this is a reasonable summary of the security considerations.  Since 
end-to-end security for Diameter is a work in progress, it would be premature 
to attempt to address it in this document.  I consider this document Ready.